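#!/bin/bash
#
# Generate an RSA key, a CSR and a self-signed certificate for nginx,
# all issued to "localhost", under /usr/local/nginx/ssl.
#
# Outputs (in /usr/local/nginx/ssl):
#   server.conf  openssl req configuration carrying the SAN extension
#   server.key   2048-bit RSA private key, unencrypted, mode 0600
#   server.csr   certificate signing request
#   server.crt   self-signed certificate, valid for 3650 days
#
# The certificate is self-signed, so clients only accept it once
# server.crt has been added to their trust store.

set -e
set -x

ssl_dir=/usr/local/nginx/ssl
subject="/C=CN/ST=Shanghai/L=Shanghai/O=Company/CN=localhost"

mkdir -p "$ssl_dir"
cd "$ssl_dir"

# Quoted delimiter: the config is written literally, with no shell expansion.
cat > server.conf << 'EOF'
[ req ]
default_bits       = 2048
distinguished_name = req_distinguished_name
req_extensions     = SAN
[ req_distinguished_name ]
countryName                 = Country Name (2 letter code)
countryName_default         = CN
stateOrProvinceName         = State or Province Name (full name)
stateOrProvinceName_default = Shanghai
localityName                = Locality Name (eg, city)
localityName_default        = Shanghai
organizationName            = Organization Name (eg, company)
organizationName_default    = Company
commonName                  = Common Name (e.g. server FQDN or YOUR name)
commonName_max              = 64
commonName_default          = localhost
[ SAN ]
subjectAltName = DNS:localhost
EOF

# The private key is written unencrypted, so file permissions are its only
# protection. The subshell keeps the tightened umask from leaking into the
# rest of the script; the chmod covers a pre-existing server.key, which
# would otherwise keep whatever mode it already had when overwritten.
(
  umask 077
  openssl genrsa -out server.key 2048
)
chmod 600 server.key

# -subj supplies the subject non-interactively, so the *_default prompts
# in server.conf are never shown.
openssl req -new -key server.key -out server.csr \
  -config server.conf -extensions SAN -subj "$subject"

# Self-sign directly from the key; server.csr is not consumed by this step.
openssl req -new -x509 -key server.key -out server.crt -days 3650 \
  -config server.conf -extensions SAN -subj "$subject"

# Print the certificate so the subject, validity and SAN can be checked.
openssl x509 -in server.crt -text -noout

set +x
set +e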